“We have demonstrated that a large number of passwords can be guessed if personal information is known to the attacker,” noted Ding Wang, lead student author of the study. “Especially if they know passwords from other accounts owned by the potential victim.”

Professor Ping Wang, the corresponding author of the paper, added that targeted online guessing is a “serious security concern”.

This is especially true for two reasons, he went on to explain. One, there are large amounts of personally identifiable information easily accessible to cybercriminals.

Two, cybercriminals are also able to get their hands on millions of leaked passwords, courtesy of data breaches past and present.

“Our results should encourage people to vary the passwords they use on different websites much more substantially to make it harder for criminals to guess their passwords,” said Dr Jeff Yan, co-author of the paper.

“This work should also help inform internet service providers looking to introduce more robust security measures to detect and resist online guessing.”

One highly recommended approach is the use of passphrases. Unlike passwords, these tend to be more complex and longer, yet just as memorable.
